@alpine Supposedly, business accounts are protected by “enterprise data protection”. The last bullet point in this header of their documentation states that one implication of this is what “your data isn’t used to train foundation models”.
As far as I can tell from the second link, “foundation models” are their largest models that their smaller, purpose-built models are based on. To me, this leaves a clear loophole to enable training any of their more niche models on even *enterprise data*.
Let me be clear. I know firsthand that this was enabled without warning for companies with NDAs working on critical infrastructure and hospitals with HIPAA laws to follow. As far as I can tell right now, this looks like a clear attempt at training their AIs on protected information.
And this doesn’t even cover the case of people signing into their work computers with personal Microsoft accounts, opening the door for company and patient data to be scraped with even fewer legal guardrails.
#Privacy #security #infosec #BigTech
https://learn.microsoft.com/en-us/copilot/microsoft-365/enterprise-data-protection#enterprise-data-protection-for-prompts-and-responses
https://blogs.microsoft.com/on-the-issues/2024/03/28/data-protection-responsible-ai-azure-copilot/